Jump to content

Malware found by SUPERAntispyware


Recommended Posts

This is what happened...

Yesterday, I accidentally clicked on a link that redirected me to scanner(dot)powerantivirus2009(dot)com.

I closed the browser right away.

I updated all my security apps and performed some verifications.

Only SAS found 13 entries, but couldn't remove them.

MBAM does not find anything, at all.

I already verified with Eset, Kaspersky, Sunbelt, Spybot, Ad-aware and AVG. Nothing finds nothing, but SAS.

I then tried Hijackthis and went to www.hijackthis.de, but all comes clean.

I then tried a-squared HijackFree and it reports some nasties. The problem is I don't know how to interpret and how to manually clean it.

I verified with a-squared Anti-Malware, and it found nothing.

This is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:04:50, on 17-08-2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\vsnp2uvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerMonitor.exe

C:\Program Files\Comodo\CBOClean\BOC427.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe

C:\Program Files\Haute Secure\CtPopup.exe

C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

C:\Program Files\Comodo\Firewall\cfp.exe

C:\Program Files\HostsMan\hostssrv.exe

C:\Program Files\Comodo\VulnerabilityAnalyzer\cva.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\COMODO\Memory Firewall\cmf.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

F:\PhoneConnectorVMC.exe

F:\VMC.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerConnect.exe

C:\Windows\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tsunami.pt

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerIE.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: CtBho Class - {6462546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtBho.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtToolBand.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [LinkScanner Monitor] C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerMonitor.exe /auto

O4 - HKLM\..\Run: [bOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe

O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"

O4 - HKLM\..\Run: [CtPopup.exe] "C:\Program Files\Haute Secure\CtPopup.exe"

O4 - HKLM\..\Run: [sBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h

O4 - HKCU\..\Run: [HostsServer] "C:\Program Files\HostsMan\hostssrv.exe" --start

O4 - HKCU\..\Run: [ComodoVulnerabilityAnalyzer] C:\Program Files\COMODO\VulnerabilityAnalyzer\cva.exe -h

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVI

Link to post
Share on other sites

Hi there, I don't recognize you as an approved helper...

If you would like to become one, an online school can assist.

For the time being, I have edited your post. FYI, Hijackthis won't modify the LSP stack, another program is required for that action.

Link to post
Share on other sites

Hi there, I don't recognize you as an approved helper...

If you would like to become one, an online school can assist.

For the time being, I have edited your post. FYI, Hijackthis won't modify the LSP stack, another program is required for that action.

Yes, the user gave a bad advice.

By the way, I'm pretty much sure that the Hijackthis log is clean, but nore 100% sure.

I don't know if you guys know how to interpret the results of a-squared Hijackfree? From what I could interpret I have some pretty nasties. I then verified with a-squared antimalware, but does not find a damn thing.

Link to post
Share on other sites

Hi and welcome to Malwarbytes. Sorry for the bad advice, I have that under control now. ;)

Please turn off TeaTimer it can interfere with removal. If you haven't already please read these instructions and post the logs requested in the order requested. Someone will be happy to help.

Link to post
Share on other sites

Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic.

Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.